Introduction
This article introduces an approach to connect IPv6 devices to Azure IoT Hub.
Azure IoT Hub
Azure IoT Hub is a crucial component in the Internet of Things (IoT) ecosystem, designed to facilitate seamless communication between IoT devices and the cloud. It plays an indispensable role in connecting, monitoring, and managing large networks of IoT devices, making it a cornerstone for businesses across various industries. Azure IoT Hub not only ensures secure and reliable device-to-cloud and cloud-to-device communication but also provides features like device provisioning, scalability, and integration with Azure services, making it a fundamental tool for harnessing the power of IoT. For more details, please follow – Azure - IoT Hub documentation
Emergence of IPv6 IoT Devices
With the rapid proliferation of IoT devices, the need for a larger address space and improved network capabilities has led to the emergence of IPv6-enabled IoT devices. IPv6 provides a vastly expanded address pool, which is essential for accommodating the growing number of devices in IoT ecosystems. As IoT continues to evolve and diversify, the adoption of IPv6 for IoT device connectivity is becoming increasingly prevalent, ensuring that devices can connect and communicate efficiently and securely in a connected world.
Challenges
At this moment, some of the Azure services including Azure IoT Hub does not natively support IPv6 device connectivity or communication. However, this can be achieved by deploying an IPv6-to-IPv4 gateway that can bridge the gap between IPv6-enabled devices and Azure IoT Hub, facilitating communication and data exchange.
In the architectural flow mentioned below, our Nginx act as a proxy stream server which translates the IPv6 address to IPv4 address.
Architectural overview
Please note: The entire communication from device to IoT Hub happens over port 8883.
As shown in the above diagram, this setup involves below major Azure services:
- Public Azure load balancer with IPv6 frontend IP.
- Dual stack (IPv4 & IPv6 enabled) virtual machines as a load balancer’s backend.
- Nginx running as a streaming server on the virtual machines.
- IoT Hub enabled with private endpoints.
- Azure storage account enabled with private endpoints.
Resource deployment and configuration
Dual stack NIC
az network nic create \
--resource-group <resource_group> \
--name <nic_name> \
--vnet-name <vnet_name> \
--subnet <subnet_name> \
--private-ip-address-version IPv4
az network nic ip-config create \
--resource-group <resource_group> \
--name <config_name> \
--nic-name <nic_name> \
--vnet-name <vnet_name> \
--subnet <subnet_name> \
--private-ip-address-version IPv6
Dual stack network virtual machine
az vm create --name <vm_name> \
--resource-group <resource_group > \
--admin-username '<username>' \
--admin-password '<password>' \
--nics <nic_name> \
--image Ubuntu2204
Standard SKU public IPv6 IP
az network public-ip create \
--name <public_ip_name> \
--resource-group <resource_group> \
--allocation-method Static \
--sku Standard \
--version IPv6
Public Azure load balancer
az network lb create \
--resource-group <resource_group> \
--name <lb_name> \
--sku Standard \
--frontend-ip-name <fip_name> \
--public-ip-address <public_ip_name>
az network lb address-pool create \
--resource-group <resource_group> \
--lb-name <lb_name> \
--name <backend_pool_name>
az network nic ip-config address-pool add \
--resource-group <resource_group> \
--nic-name <nic_name> \
--ip-config-name <config_name> \
--lb-name <lb_name> \
--address-pool <backend_pool_name>
az network lb probe create \
--resource-group <resource_group> \
--lb-name <lb_name> \
--name <hp_name> \
--protocol Tcp --port 8883
az network lb rule create \
--resource-group <resource_group> \
--lb-name <lb_name> \
--name <rule_name> \
--protocol Tcp \
--frontend-port 8883 \
--backend-port 8883 \
--frontend-ip-name <fip_name> \
--backend-pool-name <backend_pool_name> \
--probe-name <hp_name>
For more details, please follow – Azure - Deploy an IPv6 dual stack application
Setting up Nginx stream server
Installing Nginx
Please note: We have used the Ubuntu, commands may be vary depending upon the OS flavour.
$ sudo apt update
$ sudo apt install nginx
$ systemctl status nginx
Configuring Nginx
Edit Nginx configuration:
$ vi /etc/nginx/nginx.conf
Paste the following block:
stream {
log_format detailed '$time_iso8601 $remote_addr [$proxy_protocol_addr] [$server_addr:$server_port] $protocol $status $bytes_sent $bytes_received $session_time';
access_log /var/log/nginx/access.log detailed;
server {
listen [::]:8883;
proxy_pass <IoT_Hub_Host_Name>:8883;
}
}
Test the Nginx configuration:
$ nginx –t
Nginx reload for the latest configuration:
$ nginx –s reload
Verify the listening ports:
$ netstat –tulpn | grep 8883
NSG configuration
Since the communication happens via Azure load balancer which is a layer 4 load balancer, the traffic initiated by IPv6 devices is forwarded as it is to VM by load balancer keeping the session intact.
Hence, we have to allow the traffic for devices on the NSG level. For more details, please follow – Azure - Create, change, or delete a network security group
Sample NSG rule
NSG rule parameter |
NSG rule value |
Source |
IP Addresses |
Source IP addresses/CIDR ranges |
Device IPv6 Address |
Source port range |
* |
Destination |
IP Addresses |
Destination IP addresses/CIDR ranges |
Nginx VM IPv6 Address |
Service |
Custom |
Destination port ranges |
8883 |
Protocol |
TCP |
Action |
Allow |
Route device messages to Azure storage
You can also leverage message routing feature of IoT Hub to route the messages to Azure storage account. Follow the document for the same – Azure - IoT Hub message routing
Validating entire setup
- Setup an Azure virtual machine with Public IPv6 address.
- Map the custom host entry for IoT Hub hostname:
- edit /etc/hosts
- add custom entry as mentioned below:
<lb_ipv6_fip> <iot_hub_hostname>
- Download the IoT Hub required certificates from – Azure Samples – IoT MQTT Sample - IoTHubRootCA
- Convert pem to crt file by using below command:
$ openssl x509 -outform der -in IoTHubRootCA.crt.pem -out IoTHubRootCA.crt
- Trust the certificate:
$ cp IoTHubRootCA.crt /usr/local/share/ca-certificates/ $ sudo update-ca-certificates
- Follow the guide to generate messages using sample code - Using MQTT to connect an IoT Hub with Python
- Install paho-mqtt client:
$ pip install paho-mqtt
- Get the sample code from the same repo – Sample code
- Generate SAS token for your device by using following command:
$ az iot hub generate-sas-token -d <device_id> -n <hub_name>
- Modify the sample code by adding below details:
- IoT Hub name
- Device ID
- SAS token
- Run the code i.e. python file.
- Observe the traffic in following ways:
Azure > IoT Hub > Metrics > Select metric as telemetry message sent$ tail –f /var/log/nginx/access.log $ tcpdump port 8883